cisummit 2013: Tom McAndrew, Discover Your Insider Threats Through Their Network
TRANSCRIPT
1
Insider Threats
Tom McAndrew
1
Ninja
2
ONNA – “Woman”
Ninja
Shinobi
KU – “NINE”
NO – “AND/TALENT”
ICHI – “ONE”
HIMEJI Castle
American Ninja Warrior
3
Today’s Threats
4
“The ongoing cyber-thefts from the networks of public and private organizations, including Fortune 500 companies, represent the greatest transfer of wealth in human history.”
http://www.nsa.gov/research/tnw/tnw194/article2.shtml
ONCIX
5
ONCIX
6
• Insider threats remain the top counterintelligence challenge to our community.
• Over the past century, the most damaging U.S. counterintelligence failures were perpetrated by a trusted insider with ulterior motives.
• In each case, the compromised individual exhibited the identifiable signs of a traitor – but the signs went unreported for years due to the unwillingness or inability of colleagues to accept the possibility of treason.
• Insiders … are people who have been lured to betray their nation for ideological reasons, a lust for money or sex, or through blackmail.
• Mankind's methods may change – but core motivations do not.
• Insiders convicted of espionage have, on average, been active for a number of years before being caught.
• The damage caused by malicious insiders will likely continue to increase unless we have effective insider threat detection programs that can proactively identify and mitigate the threats before they fully mature.
http://www.ncix.gov/issues/ithreat/index.php
NITTF
7
Six Recommendations from FBI
8
“Remind employees that reporting security concerns is vital to protecting your company’s intellectual property, its reputation, its financial well-being, and its future. They are protecting their own jobs. Remind them that if they see something, to say something.” – FBI Insider Threats
Chart axes: Ease of Implementation; Less Technical to More Technical
1. Use appropriate screening processes to select new employees.
2. Educate and regularly train employees on security or other protocols.
3. Provide non-threatening, convenient ways for employees to report suspicions.
4. Ensure that proprietary information is adequately, if not robustly, protected.
5. Routinely monitor computer networks for suspicious activity.
6. Ensure security (to include computer network security) personnel have the tools they need.
FBI: http://www.fbi.gov/about-us/investigate/counterintelligence/the-insider-threat
ONCIX: http://www.ncix.gov/issues/ithreat
Why Do We Need Network Analytics?
9
Rapid Adoption of 4 “Game Changing” Technologies
10